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(57) ABSTRACT 

A method and apparatus to determine user identity and limit 
access to a communications network. A first message con- 
taining user identity information is received from a client 
computer in accordance with a first protocol A first network 
address is determined from the first message. A second 
message containing an information request is also received 
from the client in accordance with a second protocol, and a 
second network address is determined from the second 
message. The requesting user identity is then determined 
based on the first network address, the user identity infor- 
mation and the second network address. Based on the 
requesting user identity, it can be decided whether to grant 
the information request. If access is granted, the requested 
information is retrieved using the communications network, 

31 Claims, 6 Drawing Sheets 
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METHOD AND APPARATUS TO 
DETERMINE USER IDENTITY AND LIMIT 
ACCESS TO A COMMUNICATIONS 
NETWORK 

CROSS-REFERENCE TO RELATED 
APPLICATIONS 

This application claims the benefit of U.S. Provisional 
Application No. 60/064,365, filed Oct. 30, 1997, entitled 
"Method and Apparatus for Limiting Access to a Commu- 
nications Network Using a Proxy," and the subject matter of 
the present application is related to the subject matter of U.S. 
Pat. No. 5,809,242 entitled "Electronic Mail System for 
Displaying Advertisement at Local Computer Received 
From Remote Site While the Local Computer is Off-Line the 
Remote System" to David E. Shaw, Charles E. Ardai, Brian 
D. Marsh, Dana B. Rudolph, Jon D. McAuliffe and Mark A. 
Moraes and assigned to Juno Online Services, L.P., the 
entire disclosures of which are hereby incorporated by 
reference. 

FIELD OF THE INVENTION 

The invention relates to the transmission of information in 
a communications network. More particularly, the invention 
relates to a method and apparatus to determine user identity 
and limit access to a communications network. 

COPYRIGHT NOTICE 

A portion of the disclosure of this patent document 
contains material which is subject to copyright protection. 
The copyright owner has no objection to the facsimile 
reproduction by anyone of the patent document or patent 
disclosure as it appears in the Patent and Trademark Office 
patent file or records, but otherwise reserves all copyright 
rights whatsoever. 

BACKGROUND OF THE INVENTION 

A packet-based communications network (packet 
network) can transmit a data stream of bits in the form of 
packets of fixed or variable length for the purpose of moving 
information between computers. Each packet can be routed 
by address information contained in the data stream. 
Typically, one accesses a packet network through a client 
program executing on a personal computer (PC). There are 
approximately 30 million users of packet networks in the 
U.S. The Internet (the largest and most well-known of the 
existing packet networks) connects millions of computers in 
countries across the world. The World Wide Web represents 
a portion of the information on the Internet accessible 
through graphical user interface software (typically called a 
Web browser or browser). In addition to the Internet, many 
companies use packet networks, locally or internally within 
the company, which are modeled in functionality based upon 
the Internet. These packet networks, denoted "intranets" or 
"extra nets," are compatible with the Internet Protocol (IP), 
a communications protocol that handles the address part of 
each data packet that is transmitted from one computer to 
another on the Internet. 

A communications network, such as the Internet, can 
transmit pages of information to a user's computer for 
display. One example of such an information page is used in 
the World Wide Web (also called simply the "Web"), which 
stores and transmits information pages over the Internet 
using the Hyper Text Markup Language (HTML) transmit- 
ted via Hyper Text Transfer Protocol (HTTP). The informa- 
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lion that comprises a Web page on the Internet typically 
resides on a computer known as a server, which is accessed 
through the Internet by a person utilizing a computer, such 
as a PC. In general, a Web page can include combinations of 
5 text, graphics, sound, video and small application programs, 
A Web page can also include a "link" which, when selected 
by a user, results in the automatic display of another Web 
page. A group of related Web pages connected by these links 
is sometimes referred to as a Web "site." 

10 Each file of information on the Web is given a name, 
called a Uniform Resource Locator (URL), that a browser 
uses to request a file. The URL is essentially a location that 
can represent an entire Web page, an image file or any other 
type of file supported by HTML. The Netscape Navigator™ 

15 browser, available from Netscape Communications Corpo- 
ration in Mountain View, Calif., is one example of a browser 
that can request URLs and display Web pages to a user. 
Typically, a user at a PC will access the Internet by estab- 
lishing a communications link with, or "logging onto," an 

20 Internet Service Provider (ISP), perhaps over a telephone 
line using a modem. When the user requests a Web page, the 
user's browser communicates with the Internet through the 
ISP to retrieve the information related to the requested URL. 
Increasingly, businesses are establishing Web sites as a 

25 means of providing information to and attracting potential 
customers, and Web sites are emerging as an important tool 
for advertising. One may locate a company's Web site by, 
e.g., using one of a number of existing search engines 
available over the Internet, or browsing other Web sites 

30 containing links to the company's Web site, or directly 
entering the URL. Typically, Web browsing takes place in 
the context of an interactive communication session, where 
one may, for example, direct the Web browsing session by 
choosing to follow hypertext links found in Web sites and/or 

35 may respond to information located at various Web sites. 
Businesses seeking to attract potential customers obvi- 
ously want as many consumers as possible to view their 
advertisement Web pages. Many consumers, however, do 

40 not view advertisement Web pages due to the expense of 
accessing the Internet. An ISP typically generates revenue 
by charging a fee for providing access to the Internet, and the 
fees, which can be quite substantial, have been beyond the 
reach of many consumers. Therefore, some consumers have 

45 not had access to the Internet and are unable to view an 
advertiser's Web page. 

Even if an advertiser or ISP wanted to provide free access 
to the Internet, or access at a reduced cost, to let more 
consumers view advertisement Web pages, consumers 

50 would likely spend a lot of time viewing Web pages unre- 
lated to the advertisements. Without a way of granting 
access to a limited and pre-determined portion of the Web, 
namely selected advertisements, supporting consumer 
access to the Internet would be prohibitively expensive for 

55 the advertiser or ISP. 

Moreover, an advertiser might prefer to grant access to a 
particular Web advertisement based on the identity of a user, 
including, for example, the user's age and income. An 
advertiser might decide, for example, that different groups of 

60 users should see different advertisements, or that some 
groups should be allowed to view an advertisement for a 
longer period of time. The traditional browser/ISP interface 
does not let an ISP restrict access to URLs based on the 
user's identity, because, as explained below, the user's 

65 identity is not known. 

All information sent over the Internet is tagged with the 
unique IP address of both the sender and the recipient. An IP 
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address is usually expressed as four decimal numbers sepa- An embodiment of the present invention includes a proxy 
rated by periods. When a browser requests an HTML page, controller in communication with an access control proxy, 
the request will include the browser's IP address and the The proxy controller includes a user identity database and a 
recipient, such as an advertiser, can respond using the proxy control processor in communication with a client 
browser's IP address. A different IP address may be assigned 5 computer. The proxy control processor can receive from a 
to a computer on which the browser software is running each client a first message containing user identity information. A 
time the browser connects to the Internet, making the first network address is determined from the first message, 
identity of the user invisible in the traditional browser/Web The access control proxy includes a communications port 
server arrangement. An advertiser could insist that a user capable of receiving information pages, such as Web pages, 
provide personal information, such as demographic data or 10 f r0 m the communications network. The access control proxy 
a password, when the user visits an advertisement Web page. also includes a proxy processor able to receive a second 
Many users, however, are reluctant to provide this informa- message from the client including a request for an informa- 
tion over the Internet, and others will not bother to spend the U0D pa ge, such as a URL, and a second network address is 
time required by such a method. determined from the second message. Based on the first 
Advertisers might also be interested in other information 15 network address, the user identity information and the 
about users visiting an advertisement Web page. For second network address, the proxy processor in conjunction 
example, a demographic profile of the average user who with the proxy control processor can decide whether to 
visits a Web page, or the average number of times each user retrieve the requested URL from the Internet, 
returns to a particular Web site, could help advertisers With these and other advantages and features of the 
determine the effectiveness of the content. As explained 20 invention that will become hereinafter apparent, the nature 
above, however, there is no way for an advertiser to match of the invention may be more clearly understood by re fer- 
tile IP address of an HTTP request to a user's demographic ence to the following detailed description of the invention, 
information. Moreover, an advertiser has only a limited the appended claims and to the several drawings attached 
ability to determine if a particular user has visited a Web herein, 
page before. It is possible, for example, for the advertiser to 25 

store the fact that a particular computer has visited a Web BRIEF DESCRIPTION OF THE DRAWINGS 

page in a small file, called a "cookie/' placed on the FIG. 1 A is a block diagram of a system including an 

computer's disk drive. This feature, however, is not avail- embodiment of the present invention, 

able in all browsers. Furthermore, many users simply delete FIG. IB is a more detailed block diagram of the system 

cookie files or decide to disable the feature entirely. In 30 snown in FIG. 1A. 

addition, cookie files cannot track a single person's history **■ ui i j* •« * ** u j- * c 

™ . FIG. 2 is a block diagram illustrating an embodiment of 

when two ditierent PCs are used, and similarly do not ■ _ . „ -i * „ 

„ „ . . , ' . / n „ the present invention using an e-mail system, 

usually account tor multiple people using a single PC. _4 _ „ . „ , . , 

, . FIG. 3 is a flow diagram showing a process that can be 

To kmtf the cost of proving free access an adverser ^ in an access contn)1 Web acc0 rding to an 

might want to limit access to advertisement Web pages to a em5odiment of the present mvention . 

limited period or time. Alternately, an advertiser may wish A . . ,. . ^ . , 

. f. . C4 . * • . > i . Mo. 4 is a block diagram showing functional components 

to limit the number of times a user can visit, and re-visit, an - . ^ ,? , * 

j ^- ,,,, . c? u i- i j i j or an access control system according to an embodiment of 

advertisement Web page. Such limitations could depend on ^ resent mvent j on 

demographic information associated with the user, the time 6 P resen mven on * 

of day the request is made, or any other factor important to 40 FIG * 5 15 a block dia e ram showing communications 

the advertiser. Because an advertiser cannot match the IP involving a proxy control protocol daemon according to an 

address of an HTTP request to a user's identity, however, embodiment of the present invention, 

there is no way to implement such limitations. DETAILED DESCRIPTION 

In view of the foregoing, it can be appreciated that a 45 ^ present inventioD is directed to a method and appa . 
substantial need exists for a method and apparatus for ratus t0 delermine ^ identity and limit access to a com . 
limiting access to information pages in a communications mU nications network. Referring now in detail to the draw- 
network based on a user's identity, and solving the other mgs wnerein Uke parts are designated 5y like reference 
problems discussed above. numerals throughout, there is illustrated in FIG. 1A a block 

SUMMARY OF THE INVENTION 50 ° f A a System an of < he P re ^ 

invention. A user, or "client, computer 200, such as a PC, 

The disadvantages of the art are alleviated to a great accesses the Internet 100 through an access control system 

extent by the method and apparatus to determine user 300. Note that although only a single client is shown in FIG. 

identity and limit access to a communications network. A 1A, the present invention is capable of handling multiple 

first message containing user identity information is 55 clients. 

received from a client computer in accordance with a first In particular, the user PC 200 accesses the Internet 100 
protocol. A first network address is determined from the first through an access control "Web proxy" 310 having a con- 
message. A second message containing an information nection 110 to the Internet 100. As is well known in the art, 
request is also received from the client in accordance with a a proxy is a computer system that traditionally acts on behalf 
second protocol, and a second network address is deter- 60 of other Web servers by gathering all Internet requests from 
mined from the second message. The requesting user iden- a number of clients, obtaining the requested information 
tity is then determined based on the first network address, from the Internet, and forwarding the requested information 
the user identity information and the second network to the appropriate clients. A proxy can be used, for example, 
address. Based on the requesting user identity, it can be in a company having a number of client terminals and a 
decided whether to grant the information request. If access 65 single point of access to the Internet. Such a proxy can also 
is granted, the requested information is retrieved using the be configured to reduce network traffic by locally storing, or 
communications network. "caching," commonly downloaded information. 
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The user PC 200 also communicates with a proxy con- that advertisement. If desired, the user can then select a 

troller 320 in the access control system 300. As explained in different advertisement from the index and view its associ- 

detail below, the access control proxy 310 will only grant the ated Web page or pages. 

user access to a limited set of Web pages. The set of Web Because every request and response from the browser 

pages that can be accessed will be based on information 5 application 220 must pass through the proxy, the present 

provided to the access control proxy 310 from the proxy invention uses proxy technology as a "choke point" to limit 

controller 320. access to the Web. A proxy, such as an access control proxy 

Illustratively, in FIG. IB, a client access control applica- 310, can selectively filter out portions of the Web by 

tion 210 could be implemented using an electronic mail examining every Web request from the browser application 

system that displays targeted advertisements to remote users 10 220 and applying decision logic based on th e IP address of 

when the users are off line, such as the one described in U.S. the user and the URI hring "»g»^ttcdi JOhly requests" 

Pat. No. 5,809,242 entitled "Electronic Mail System for ' approved hy tfre access co ntrol prnvy "»f"fiYfi{1 fro'" 

Displaying Advertisement at Local Computer Received t he Internet 100 thr flyflh m nnectinn 110 and forwarded to 

From Remote Site While the Local Computer is Off-Line the the. hmw^r 77ft , 

Remote System". Such an electronic mail (e-mail) system 15 i n order to use an unmodified third party Web browser 

500, including a server e-mail application program 520, is 220, a standard IP network connection, such as one estab- 

shown in FIG. 2. The e-mail application program 520 could, i ishe d using Point to Point Protocol (PPP), can link the 

for example, briefly communicate with the user PC 200 access control proxy 310 with the user PC 200. The PPP 

through a modem 230 connected to a telephone line in order account can have an IP address filter, making it impossible 

to download e-mail and advertising information. An adver- 20 f or the user PC 200 to connect to any service besides the 

tisement banner 240 could then be constructed from the access control proxy 310 and the proxy controller 320. 

received advertising information. This banner 240 could be ^ access CQntrol proxy 310 decides if a artic ular URL 

displayed while the user is reading the e-mail information request from the browser application 2 20 will be granted 

250^veniftheuser PC200isnotiBCommumcationwith based on information from the proxy controller 320. In 

the e-mail system 500. 25 addition tQ displaying me advertiser index, the client access 

The off-line user could select an advertisement from the control application 210 communicates with the proxy con- 
banner 240 to automatically initiate the limited access to the troller 320. In particular, the client access control application 
Internet 100, The user PC 200 would request and receive 210 communicates with a Proxy Control Protocol Daemon 
Web page information through a Web proxy 510 and proxy (PCPD) 330 residing in the proxy controller 320, which also 
control processor 530, and the Web page associated with the 3U includes a user database system 350 and a daemon system 
selected advertisement would be displayed. Although the 340. A "daemon" is a program that handles service requests 
user would be allowed to view a pre-determined list of by forwarding them to other programs, or processes, as 
related Web pages, other Web page requests would be appropriate. It should be noted that the user database system 
rejected by the system 510, 530. ^ 350 and the daemon system 340 can easily be replaced by 

Thus, according, to the present invention, a user's access any database containing, for example, usage information, 

to the Web will be restricted to a subset of the total number demographics and authentication information about indi- 

of information pages available. The subset can be different vidual users. 

for each user, and can change over time. Referring now to The only distinguishing piece of information regarding a 

FIG. IB, which shows the system of FIG. 1A in greater 4Q request's origin that is carried with every Web request from 

detail, it is not practical to impose this restriction using the browser application 220 to the access control proxy 310 

software residing on the user PC 200. In particular, a user is the IP address assigned to the client by the ISP. This 

might alter software residing on the user PC 200, perhaps information is sufficient to identify related "hits" from a 

gaining unlimited access to the Internet 100. This risk is browsing "session," but the identity of the user remains 

reduced with the use of the access control system 300, 45 concealed to the access control proxy 310 because a different 

including an access control proxy 310 and a proxy controller IP address is assigned to each single client for each new 

320. The access control proxy 310 will control all commu- session. This anonymity makes dynamic proxy access 

nication between the browser application 220 and the Inter- restrictions impossible to enact using a traditional Web 

net 100. Again, although only a single client is shown in client/proxy or client/server model. 

FIG. IB, the present invention can handle any number of 5Q Thus> acC ording to an embodiment of the present 

clients. invention, an out-of-band protocol called Proxy Control 

The user PC 200 includes a browser application 220. Protocol (PCP) is used to exchange information between the 

According to an embodiment of the present invention, the client access control application 210 and the PCPD 330, 

browser application 220 can be a standard off-the-shelf which operates in parallel with the access control proxy 310. 

browser program, such as Netscape Navigator™, configured 55 The PCP information can be used to determine the identity 

to access the Internet 100 through a proxy acting on behalf of a user associated with an IP address. For example, a user's 

of other Web servers. password can be authenticated by the PCPD 330 during the 

The client access control application 210 also resides on start of every Web browsing session, perhaps with the aide 

the user PC 200. The client access control application 210 of the user database system 350 which includes a user 

can be used to initiate a Web browsing session. For example, 60 database server 352 with access to a user identity database 

the client access control application 210 can display an 355. The IP address associated with the authenticated user 

index of advertisements to a user. When the user selects an can then be used by the access control proxy 310 to associate 

advertisement from the index, the client access control that user with future Web page requests having the same IP 

application 210 can activate the browser application 220 and address. 

obtain a Web page associated with that advertisement. As 65 When the user selects an advertisement from the adver- 

explained in detail below, the user will only be allowed to tisement index, the client access control application 210 can 

access the Web page, or group of Web pages, associated with send a request to PCPD 330, through the out-of-band PCP, 
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to "add" the appropriate Web page, or Web pages, to an tisement rates could be based on the number of visitors to the 
Access Control List (ACL) maintained by the access control URLs associated with the advertisement. Some advertisers 
proxy 310. The PCPD 330 informs the access control proxy will be interested in the number of visitors and their related 
of the change to the ACL for the IP address. The ACL can demographic information. Other information about a par- 
then be used to decide whether a Web page request from the 5 ticular user, or a group of users, that can be recorded and 
browser application 220 with a particular IP address should supplied to advertisers can include, for example, the times of 
be granted. all connections and the total time spent at each Web site. 

Because of the dynamic nature of the ACL for each user, Reports to advertisers based on the information recorded 

an access control proxy 310 which bases access decisions on by the access control system 300 can also include demo- 

a static table is inadequate. Instead, an ACL can be main- 10 graphic information about users or groups of user, such as 

tained by the access control proxy 310 for each browsing the information that can be contained in the user database 

session, which is identified by both the access control proxy 345. This type of information could include, for example: 

310 and the PCPD 330 using the IP address. gender; education; income; age; marital status; and number 

The access control proxy 310 can limit a user's Web of children. The present invention also allows the total 

access based on, for example, the identity of the user or the 15 number of users who have requested a URL to be tracked, 

specific advertisement being requested. One type of restric- As some users may visit a site more than once, the total 

tion that may be imposed is based on the number of times, number of visits to a sile can also be monitored, along with 

or the "frequency" that, a user may connect to a given site. mc average time spent at each site during each visit. 

For example, a user may be allocated a fixed number of In addition to granting a user restricted access to the 

connections for their lifetime, or over a fixed period of time. 20 Internet 100, the access control proxy 310 can cache content 

Thus, e.g., a user could be allocated a maximum of ten to reduce the amount of network traffic. This function is 

connections for each advertisement in the advertisement performed by a Web proxy cache 312, described in detail 

index. The user's demographics, such as age, income and below with respect to FIG. 4, in communication with a cache 

residence, and the user's Web browsing history, such as how database 315. FIG. 3 is a flow diagram showing a process 

many times the user has visited a particular Web page or 25 that can be used for these functions according to an embodi- 

group of Web pages, can also be used to impose such a ment of the present invention. After beginning at step 400, 

frequency restriction. the access control proxy receives a request from the browser 

The amount of time, or "duration," a user can stay at any application including an IP address and a requested URL at 

one site, or group of sites, is another type of restriction that step 410. If the URL is not in the ACL associated with that 

may be imposed. A user could be allocated, for example, a IP address at step 420, an error page is sent to the user at step 

fixed period of time for the user's lifetime, or for each 430 and the denial is logged at step 435 before the process 

browsing session. Thus, a user could be allocated a maxi- continues at step 490. 

mum of ten minutes for each advertisement in the adver- If the URL is in the ACL associated with that IP address 

tisement index. The time restriction could also be modified, 35 at step 420, the system determines if the requested content 

for example, to extend the fixed period of time, or to avoid has already been cached at step 440. When the access control 

an abrupt end to a session, when the user is downloading a proxy gets a request from the browser application, such as 

large software file or is involved in another transaction for a Web page or graphic, the information generally must be 

which should be extended. For example, the user may be retrieved from the Internet and sent back to the browser 

midway through the completion of an order form. 4Q application. Thus, the access control proxy can create twice 

As with the frequency restriction, a user's demographics as mucD network communication as a simple direct (non- 

and history can be used to impose a duration restriction. The P rox y) HTrp transaction. To reduce this extra traffic, the 

time of day, or day of the week, when a request is made can access control proxy can save cacheable content on disk, 

also be taken into account for either restriction. Client skip the step of retrieving the information from the Internet, 

specific data, including the version of client access control 45 and respond immediately to a request from the browser 

application software, the Point-of-Preseoce (POP) location application. Thus, if the content has been cached, it is 

of the Internet connection and the version of browser provided to the user at step 470 and the successful request 

application software being used could all be considered. fc ^gg^ 1 at ste P 480 before the process continues at step 
Regardless of the type of restrictions imposed on users, 

either users or advertisers could be billed for use in excess 50 If the content is not in the access control proxy cache, the 

of the limitation. If desired, a user's allocation could be system determines whether the requested information is 

periodically "reset," such as at the beginning of every "cacheable" at step 405. Although some content may not be 

month. Moreover, a combination of both frequency and cacheable, it can be expected that much of the information 

duration, as well as other restrictions, are possible. For used in advertisement Web pages will be cacheable. If the 

example, users between the ages of 25 and 35 could be 55 information is not cacheable, it is simply retrieved and sent 

allocated four visits, with each visit lasting no more than 10 to the user as before. If the information is cacheable, the 

minutes. Such limits can be applied to a single Web page, or retrieved information is saved in the cache at step 460 before 

a group of Web pages and different advertisers can impose being sent to the user. 

different types of restrictions. The limitations are imple- The basic purpose of the access control proxy 310 is to 

mented by the PCPD 330 in conjunction with information, 60 provide and record, or "audit," limited access to Web pages, 

such as demographic or access history information for the such as advertisements, in response to requests from the 

particular user, stored in the user database 345. browser application 210. According to an embodiment of the 

Because the access control system 300 handles all Web present invention, these and other tasks are performed using 

requests from a client PC 200, and can associate each me functional components shown in FIG. 4. 

request with a user identity, the system can compile infor- 65 To restrict and audit user activity as finely as possible, the 

ma tion about a user, or a group of users, and associated Web access control proxy 310 can filter requests from a browser 

requests. Such information could be useful because adver- application 220 based on the advertisement that has been 
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selected from the advertisement index. A different ACL 360 
can be associated with each advertisement, and only URLs 
contained in the ACL 360 will be retrieved from Web servers 
120, 130, 140 on the Internet. A successful request can be 
stored in a log 370 and the information can be supplied to the 
browser application 220 for display to the user. All other 
URL requests can simply be denied, and the denials can also 
be stored in a log 370. 

Because the client access control application communi- 
cates with the PCPD 330, the PCPD 330 knows which 
advertisement has been selected by a user from the adver- 
tisement index, and therefore which ACL 360 is appropriate. 
The PCPD 330 also knows the IP address of that user. This 
information is provided to the access control proxy 310. In 
summary, the PCPD 330 tells the proxy each user's name, IP 
address and the ACL that contains the URLs the user is 
allowed to browse. 

The access control proxy 310 correlates each Web request 
from the browser application 220 with an appropriate user, 
and an appropriate ACL 360, based on the IP address 
contained in the Web request. If there is no match between 
the URL requested by the user and the ACL 360 for that user, 
the request is denied and logged. Otherwise, the request is 
served, and the corresponding user and advertisement infor- 
mation are logged. Eventually, timers or other restrictions 
maintained by the PCPD 330 may instruct the access control 
proxy 310 to reject all further requests from that user, i.e. 
from a specific IP address. 

An embodiment of the present invention employs a Web 
proxy cache which can process Internet data while trans- 
parently streaming the data from Web servers 120, 130, 140 
to the browser application 220. The Web proxy cache also 
handles connections to the PCPD and reads information 
from either a database or a file associating each advertiser 
with a corresponding ACL. The ACL can include the IP 
address, mask, and port-range of approved Web pages and 
can be stored in a hash table keyed on the advertiser. The 
access control proxy 310 keeps track of users as "sessions" 
and stores a hash table of sessions, keyed on the IP address 
associated with a user. Each session also has an ACL listing 
permissible URLs. An administrative Web page URL, which 
could permit a user to visit certain Web pages related to 
system errors, etc., can be included in every ACL. 

The PCPD 330 will now be described in detail with 
respect to FIG. 5, a block diagram showing communications 
involving the PCPD 330 according to an embodiment of the 
present invention. The client access control application 210 
communicates 332 with the PCPD 330 to start a new 
session, transferring state information about the current 
connection such as machine identification number, user 
name, Point of Presence (POP) number, advertisement iden- 
tification number, connection media type, etc. The PCPD 
330 communicates 334 with a user database to authenticate 
the person using, for example, a time stamp, session unique 
identifiers and the user's password, which can be queried 
from a User Database (UDB) server 350. If authentication 
passes, a message 331 is sent to the Web proxy cache 312 
telling it to grant access to the URLs associated with the 
selected advertisement for the IP address in use by the client, 
by instantiating appropriate ACLs for the session. The URLs 
allowed for a particular advertiser are predetermined by the 
access control proxy from a database of advertisers and 
associated ACLs. An advertisement startup procedure can be 
run and the time remaining that a user may spend at the 
current advertiser's URLs is sent back to the client. 

An example PCPD 330 startup procedure will now be 
described. When a user selects an advertisement from the 



20 



25 



30 



advertisement index, that user is queried from a user data- 
base to find any data describing previous interactions with 
that particular advertisement. The information is stored in 
the user database and variables such as the number of visits 
and total time viewing an advertisement are set in an 
advertiser specific startup procedure. The remaining time 
left for the current user for the selected advertisement can 
then be calculated. 

An example PCPD 330 shutdown procedure will now be 
described. The client access control application 210 shuts 
down a session by sending a shutdown message to the PCPD 
330, which is authenticated in a similar fashion to the 
session start message. Once a shutdown message has been 
authenticated, the access control proxy 310 is told to clear all 
ACLs for the client's IP address. All traces of the session 
being shutdown are removed from PCPD after an advertise- 
ment specific shut down procedure is run. 

At the end of an interaction with a particular 
advertisement, the same variables that were used in the 
startup procedure can be updated in the shutdown procedure. 
These variables can then be written back to a user database 
for future reference. The shutdown procedure also calculates 
whether an advertisement should be permanently removed 
from that client's advertisement index. If required, the 
PCPD 330 can instruct the client access control application 
210 to disable the particular advertisement in the index. 

To illustrate an embodiment of the present invention, the 
following lines of software code implement a sample adver- 
tisement startup and shutdown function suitable for use by 
the PCPD 330 with respect to a user allowed to visit an ACL 
a maximum of 5 times, for 5 minutes at a time: 



35 



45 



50 



55 



proc startrulc_visits { } { 
global Rule_Vars 
lassign $Rulc_Vars visits 
if { $visits < 5 } { 

return 300 
} else { 

return 0 

} 

} 

proc endrule_visits { } { 
global Rule_Vars 
lassign $Rule_Vars visits 
set visits [cxpr $visits + 1] 
set Rule_Vars [list $ visits] 
if { $visits >- 5 } { 

return -1 
} else { 

return 0 

} 

} 



65 



Further illustrating an embodiment of the present 
invention, the following lines of software code implement a 
sample advertisement startup and shutdown function suit- 
able for use by the PCPD 330 with respect to a user allowed 
to visit an ACL an unlimited number of times, for a total of 
20 minutes: 



proc startrule maxtime { } { 

global Rule__Vars 
lassign $Rule_Vars time 
if { Stime < 1200 } { 

return [expr $time - 1200] 
} else { 
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if the information request was granted, then: 

-continued retrieving by the access control system the requested 
^ information using one of: 

I return 0 the communications network; and 

} 5 a cache; and 

proc endruie_maxtime { } { sending by the access control system the retrieved 

global Ruic_Vars Timc_Eiapscd information to the client. 

^irtXjw 2 - ™ e methoc ! of claim h wherein tbe coramunicatiODS 

set Ruie_v™ [list $time] network is a packet network. 

if { $time >= 1200 } { io 3. The method of claim 1, wherein the client is a computer 

return -l located remote from the access control system. 

ClS return o ^ e memod °f c ^ m 1 » wherein said step of deciding 

} is also based on information stored in a user database. 

} 5. The method of claim 1, wherein the information request 

15 is a request to retrieve an information page. 

If a user picks a new advertisement from the advertise- 6 ' T^.^od of claim 5, wherein the communications 

ment index, the client access control application 210 sends ^twork is the Internet, the information page is a World 

a message to the PCPD 330, which essentially runs the ad Wlde Web P a S e and the first and network addresses 

related shutdown and startup procedures for the old and new are Internet protocol addresses. 

advertisements respectively. The PCPD 330 then sends 20 7. The method of claim 5, further comprising the step of: 

messages to the access control proxy to remove and install recording user history data based on the information page 

the proper ACLs. The PCPD 330 also has the ability to tear requests made by the requesting user identity. 

down the client's connection at any time by telling the 8. The method of claim 7, further comprising the step of: 

access control proxy 310 to remove all ACLs for the client's reporting composite history data based on recorded user 

IP address, and going through the advertiser shutdown 25 history data for a plurality of requesting user identities. 

sequence. This can happen from either the initial advertise- „ ^ method of claim 5 wherein slid of decidi 

ment or any subsequent advertisement. The user PC 200 can fc ^ based 0Q aQ access CQntrol m of in£ormation pages . 

be notified of the tear down via a message from the PCPD 1Q ^ method Qf claim „ whereiQ sdd f ^ * 

330 to the client access control application 210. . , . . . , t c r & 

, , , P i . is also based on at least one of: 

In summary a method and apparatus for correlating user 30 , , , . r , 

identity with requests for information for the purpose of the number of requests for the information page that have 

limiting access to information pages in a communications previously been associated with the requestmg user 

network has been described. identity; 

What has been described is merely illustrative of the the amount of time the information page has previously 

application of the principles of the present invention. Other 35 been displayed to the requesting user identity; and 

arrangements and methods can be implemented by those demographic information associated with the requesting 

skilled in the art without departing from the spirit and scope user identity. 

of the present invention. Ut ^ me thod of claim 5, wherein the second message 

Moreover, although various embodiments are specifically is received in accordance with hypertext transfer protocol 

illustrated and described herein, it will be appreciated that 4Q and the first message is received in accordance with a 

modifications and variations of the present invention are protocol other than hypertext transfer protocol, 

covered by the above teachings and within the purview of 12. The method of claim 1, further comprising the step of 

the appended claims without departing from the spirit and storing the requested information in a cache, 

intended scope of the invention. For example, although a 13. The method of claim 1, wherein said steps of receiving 

separate proxy controller and access control proxy are 45 a second message and retrieving are performed by a proxy, 

described in detail herein, it can be appreciated that any 14. The method of claim 1, wherein the first message also 

system or systems performing the same functions will still includes credential information and further comprising the 

fall within the scope of the invention. 5 tep of deciding whether the client is authorized to use the 

What is claimed is: access control system based on the credential information 

1. A method of operating an access control system for 5Q an d a user credential database, 

information retrievable using a communications network, 15, The method of claim 1, wherein said step of deter- 

comprising the steps of: mining is based on user identity information associated with 

receiving at the access control system from a client a first the first network address when the first network address has 

message containing user identity information in accor- been determined to be the same as the second network 

dance with a first protocol, wherein a first network 55 address. 

address can be deterrnined from the first message; 16. An apparatus for limiting information retrievable 

receiving at the access control system from the client a using a communications network, comprising: 

second message containing an information request in a proxy controller, comprising: 

accordance with a second protocol, wherein a second a user identity database, 

network address can be determined from the second 60 a proxy control processor, in communication with a 

message; client and said user identity database, configured to 

determining at the access control system a requesting user receive from the client a first message containing 

identity based on the first network address, the user user identity information, wherein a first network 

identity information and the second network address; address can be determined from the first message; 

deciding at the access control system whether to grant the 65 and 

information request based on the requesting user iden- an access control proxy in communication with said proxy 

tity; and controller, comprising: 
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a communications port capable of receiving informa- 
tion page data using the communications network, 
and 

a proxy processor, in communication with the client 
and said communications port, configured to receive 
from the client a second maessage containing a 
request for an information page, wherein a second 
network address can be determined from the second 
message and said proxy processor is configured to 
decide whether to retrieve the associated information 
page data from said communications port based on 
the first network address, the user identity informa- 
tion and the second network address and 
if the information request was granted, then: 

said proxy processor configured to retrieve the associ- 
ated information page from one of: 
said communications port; and 
a cache; and 

said proxy processor configured to send the retrieved 
information page to the client. 

17. The apparatus of claim 16, wherein said proxy pro- 
cessor is configured to use a Web proxy cache, 

18. The apparatus of claim 16, wherein said proxy pro- 
cessor communicates with the client using a first protocol 
and said proxy processor communicates with the client using 
a protocol other than the first protocol. 

19. The apparatus of claim 16, wherein the communica- 
tions network is a packet network. 

20. The apparatus of claim 16, wherein the communica- 
tions network is the Internet, the information page is a World 
Wide Web page and the first and second network addresses 
are Internet protocol addresses. 

21. The apparatus of claim 16, wherein the access control 
proxy further comprises: 

a request history storage unit in communication with the 
proxy processor, said proxy processor storing informa- 
tion related to information page requests in said request 
history storage unit. 

22. The apparatus of claim 16, wherein said proxy pro- 
cessor is also configured to decide whether to grant access 
based on an access control list of information pages. 

23. The apparatus of claim 16, wherein said proxy pro- 
cessor is also configured to determine a requesting user 
identity based on the first network address, the user identity 
information and the second network address, and said proxy 
controller is further configured to decide whether to grant 
access based on at least one of the following: 

the number of requests for the information page that have 
previously been associated with the requesting user 
identity; 

the amount of time the information page has previously 
been displayed to the requesting user identity; and 

demographic information associated with the requesting 
user identity. 

24. A computer readable medium having stored thereon 
instructions which, when executed by a processor, cause the 
processor to perform steps for operating an access control 
system for information retrievable using a communications 
network, said steps comprising: 

receiving at the access control system from a client a first 
message containing user identity information in accor- 
dance with a first protocol, wherein a first network 
address can be determined from the first message; 

receiving at the access control system from the client a 
second message containing an information request in 
accordance with a second protocol, wherein a second 
network address can be determined from the second 
message; 
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determining at the access control system a requesting user 
identity based on the first network address, the user 
identity information and the second network address; 

deciding at the access control system whether to grant the 
5 information request based on the requesting user iden- 
tity; and 

if the information request was granted, then: 
retrieving by the access control system the requested 
information using one of: 
10 the communications network; and 

a cache; and 

sending by the access control system the retrieved 
information to the client. 
25. An apparatus for operating an access control system 
15 for information retrievable using a communications 
network, comprising: 
means for receiving at the access control system from a 
client a first message containing user identity informa- 
tion in accordance with a first protocol, wherein a first 
network address can be determined from the first 
20 message; 

means for receiving at the access control system from the 
client a second message containing an information 
request in accordance with a second protocol, wherein 
a second network address can be determined from the 
25 second message; 

means for determining at the access control system a 
requesting user identity based on the first network 
address, the user identity information and the second 
network address; 
30 means for deciding at the access control system whether 
to grant the information request based on the requesting 
user identity; and 
if the information request was granted, then: 

means for retrieving by the access control system the 
35 requested information using one of: 

the communications network; and 
a cache; and 

means for sending by the access control system the 
retrieved information to the client. 
40 26. A method of operating an access control system for 
information retrievable using a communications network, 
said access control system communicating with a plurality 
of clients, comprising the steps of: 

receiving at the access control system from a first client of 
45 the plurality of clients a first message containing infor- 
mation identifying a first user in accordance with a first 
protocol, wherein a first network address can be deter- 
mined from the first message and wherein the first 
network address and the information identifying the 
50 first user is stored in a database; 

receiving at the access control system from a second 
client of the plurality of clients a second message 
containing information identifying a second user in 
accordance with a first protocol, wherein a second 
55 network address can be determined from the second 
message and wherein the second network address and 
the information identifying the second user is stored in 
the database; 

receiving at the access control system from one of the first 
60 client and the second client a third message containing 
an information request in accordance with a second 
protocol, wherein a third network address can be deter- 
mined from the third message; 
determining at the access control system a requesting user 
65 identity based on the third network address, the stored 
user identifying information and the stored network 
addresses; 
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deciding at the access control system whether to grant the 
information request based on the requesting user iden- 
tity; and 

if the information request was granted, then: 
retrieving by the access control system the requested 5 
information using one of: 
the communications network; and 
a cache; and 

sending by the access control system the retrieved 
information to the client. 10 

27. The method of claim 26, wherein the communications 
network is a packet network. 

28. The method of claim 26, wherein the information 
request is a request to retrieve an information page. 

29. The method of claim 28, wherein said step of deciding 15 
is also based on at least one of: 
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the number of requests for the information page that have 
previously been associated with the requesting user 
dentity; 

the amount of time the information page has previously 
been displayed to the requesting user identity; and 

demographic information associated with the requesting 
user identity. 

30. The method of claim 29, wherein said steps of 
receiving the third message and retrieving are performed by 
a proxy. 

31. The method of claim 30, wherein said step of deter- 
mining is based on user identity information associated with 
the first network address when the first network address has 
been determined to be the same as the third network address. 

***** 
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